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COMPOSITIONAL CONSTRUCTION OF APPROXIMATE 
ABSTRACTIONS OF INTERCONNECTED CONTROL SYSTEMS 

MATTHIAS RUNGGER AND MAJID ZAMANI 


Abstract. We consider a compositional construction of approximate abstractions of 
interconnected control systems. In our framework, an abstraction acts as a substitute 
in the controller design process and is itself a continuous control system. The abstrac¬ 
tion is related to the concrete control system via a so-called simulation function: a 
Lyapunov-like function, which is used to establish a quantitative bound between the 
behavior of the approximate abstraction and the concrete system. In the first part of 
the paper, we provide a small gain type condition that facilitates the compositional 
construction of an abstraction of an interconnected control system together with a 
simulation function from the abstractions and simulation functions of the individual 
subsystems. In the second part of the paper, we restrict our attention to linear control 
system and characterize simulation functions in terms of controlled invariant, exter¬ 
nally stabilizable subspaces. Based on those characterizations, we propose a particular 
scheme to construct abstractions for linear control systems. We illustrate the compo¬ 
sitional construction of an abstraction on an interconnected system consisting of four 
linear subsystems. We use the abstraction as a substitute to synthesize a controller to 
enforce a certain linear temporal logic specification. 


1. Introduction 

One way to address the inherent difficulty in modeling, analyzing and controlling com¬ 
plex, large-scale, interconnected systems, is to apply a divide-and-conquer scheme [18] . 
In this approach, as a hrst step, the overall system is partitioned in a number of rea¬ 
sonably sized components, i.e., subsystems. Simultaneously, a number of appropriate 
interfaces to connect the individual subsystems are introduced. Subsequently, the anal¬ 
ysis and the design of the overall system is reduced to those of the subsystems. There 
exist different reasoning schemes to ensure the correctness of such a component-based, 
compositional analysis and design procedure. One scheme, which is often invoked in the 
formal methods community, is called assume-guarantee reasoning, see e.g. I22i [la [n]. 
Here, one establishes the correctness of the composed system by guaranteeing that each 
subsystem is correct, i.e., satisfies its specification, under the assumption that all other 
subsystems are correct. The assume-guarantee reasoning is always correct, if there is no 
circularity between assumptions and guarantees. In the case of circular reasoning, some 
additional “assume/guarantee” assumptions are imposed. Another approach, which is 
known from control theory, invokes a so called small gain condition, see e.g. miiiniEiE] 
to establish the stability of the interconnected system. For example in PE], the authors 
assume that the gain functions that are associated with the Lyapunov functions of the 
individual subsystems satisfy a certain “small gain” condition. The condition certihes 
a small (or weak) interaction of the subsystems, which prevents an amplification of the 
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signals across possible feedback interconnections. Similarly to the assnme-gnarantee 
reasoning, the small gain condition is always satisfied in the absence of any feedback 
interconnection [7[ and references therein]. 

In this paper, we nse the later reasoning and present a method for the compositional 
construction of approximate abstractions of interconnected nonlinear control systems. 
In our approach, an abstraction is itself a continuous control system (possibly with 
lower dimension), which is used as a substitute in the controller design process. The 
correctness reasoning from the abstraction to the concrete system is based on a notion of 
simulation function, which relates the concrete system with its abstraction. Simulation 
functions provide a quantitative bound between the behavior of the concrete systems 
and their abstractions. We employ a small gain type condition to construct a simulation 
function that relates the abstract interconnected system to the concrete interconnected 
system from the simulation functions of the individual subsystems. In the second part 
of the paper, we focus on the construction of abstractions (together with the associated 
simulation functions) of linear control systems. First, we characterize simulation func¬ 
tions in terms of controlled invariant, externally stabilizable subspaces. Subsequently, 
we propose a particular construction of abstractions of linear control systems. We con¬ 
clude the paper with the construction of an abstraction together with a simulation 
function of an interconnected system consisting of four linear subsystems. We use the 
constructed abstraction as a substitute in the controller synthesis procedure to enforce 
a certain linear temporal logic property [2] on the concrete interconnected system. As 
we demonstrate, the controller synthesis would not have been possible without the use 
of the abstraction. 

Related Work. Compositional reasoning schemes for verification in connection with 
abstractions of control systems are developed in [3ll HU HH] . The methods employ exact 
notions of abstractions which are based on simulation relations [HI [19] and simulation 
maps [31], for which constructive procedures exist only for rather restricted classes of 
control systems, e.g. linear control systems [9] and linear hybrid automata [11]. In con¬ 
trast to the exact notions, the approximate abstractions which we study in this paper 
are based on simulation functions whose structures are closely related to (incremental) 
Lyapunov functions. Thus, advanced nonlinear control techniques developed to con¬ 
struct Lyapunov functions have the potential to also be used to construct simulation 
functions. For example the toolbox developed in [23] uses sum-of-squares techniques to 
construct bisimulation functions to relate nonlinear control systems. 

An early approach to the compositional construction of simulation functions is given 
in [13] , where the interconnection of two subsystems is studied. Compositional schemes 
for general interconnected systems for the construction of finite abstractions of linear and 
nonlinear control systems are presented in [33] and [21] , respectively. Like in this paper, 
small gain type conditions are used to facilitate the compositional construction. As in 
our framework an abstraction is itself a continuous control system (potentially with lower 
dimension), the benefits of the proposed scheme are not limited to synthesis procedures 
based on finite abstractions, and therefore are potentially useful for a great variety of 
controller synthesis schemes, most notably computationally expensive schemes (in terms 
of the state space dimension of the system) such as [5ll3l |31l [26]. Nevertheless, as we 
demonstrate by an example, even for a synthesis scheme based on finite abstractions, 
we can apply our results as a first pre-processing step to reduce the dimensionality of 
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a given control system, before the construction of the hnite abstraction, and therefore 
substantially reduce the computational complexity. 

As we seek abstractions with reduced state space dimensions, our approach is closely 
related to the rich theory of model order reduction [T]. Specihcally, the construction 
of abstractions of linear control systems (similar to the Krylov subspace methods and 
balanced order reduction schemes) can be classihed as projection based methods |H]. 
Additionally, similar to m, the proposed compositional construction of abstractions 
of interconnected control systems leads to a structure preserving reduction technique. 
While in [Il|8l|29] the model mismatch is established with respect to 'H 2 /‘Hoo norms, we 
use simulation functions to derive C^o error bounds, which are essential to reason about 
complex properties, e.g. linear temporal logic properties [2], across related systems. 

To summarize, our contribution is twofold: 1) We present a small gain type condition 
to construct an abstraction of an interconnected system and a corresponding simulation 
function from the abstractions of the subsystems and their simulation functions. It is 
neither limited to two interconnected systems na, nor to synthesis schemes based on £- 
nite abstractions [33| 1^. 2) We characterize simulation functions for linear subsystems 
in terms of controlled invariant, externally stabilizable subspaces, which leads to con¬ 
structive procedures to determine abstractions of linear systems. Simulation functions 
for linear systems have been used in |TTl |32l |T2] . However, a geometric characterization 
of simulation functions, similar to [H], was missing. Moreover, this characterization al¬ 
lows to show that the conditions proposed in [T3] to construct abstractions are not only 
sufficient, but actually also necessary. 

A preliminary version of this work appeared in m In this paper we present a 
less restrictive small gain condition and provide a novel geometric characterization of 
simulation functions for linear control systems. 

2. Notation and Preliminaries 

We denote by N the set of non-negative integers and by M the set of real numbers. 
We annotate those symbols with subscripts to restrict those sets in the obvious way, e.g. 
M>o denotes the positive real numbers. We use with n,mE N>i, to denote the 

vector space of real matrices with n rows and m columns. The identity matrix in 
is denoted by /„. For a, 6 G M with a < b, we denote the closed, open and half-open 
intervals in M by [a, b], ]a, b[, [a, b[, and ]a, b], respectively. For a,b eN and a <b,we use 
[a; b], ]a; b[, [a; b[, and ]a; b] to denote the corresponding intervals in N. Given N G N>i, 
vectors Xi G rii G N>i and i G [1; N], we use x = (xi;. .. ',xn) to denote the vector 
in with N = consisting of the concatenation of vectors x*. 

We use I ■ I to denote the Euclidean norm of vectors in as well as the spectral norm, 
of matrices in Also for ^ : ]R>i —>■ M"- we introduce ||^||oo := supjg]K>o K(t)|- 

Given a function / : M” —)■ M"* and x G M"*, we use / = x to denote that /(x) = x 
for all X G If x is the zero vector, we simply write / = 0. The identity function 
in is denoted by id, where the dimension is always clear from the context. We 
use DV : M” —)■ to denote the gradient of a scalar function K : —)■ M>o and 

D+K(x, n) = limsup^_^Q“ ^(^)) to denote the upper-right Dini deriva¬ 
tive in the direction of v. Given two subsets A,B'0 M"', we use A-|-i? = {a-|-6|aG 
A,b E B} to denote the Minkowsky set addition. 

We use the usual notation /C, /Coo and KC to denote the different classes of comparison 
functions, see e.g. |7]. Moreover, we use MAF„ to denote the set of monotone aggregation 
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functions [7j, i.e., the class of functions fi : M>o that satisfy: i) fi{s) > 0 for 

all s G ]R>o and /i(s) = 0 iff s = 0; ii) for s,r E M>q Sj > for all i G [l;n] implies 
/i(s) > /i(r); iii) |s| —)■ oo implies /i(s) —)• oo. 

We recall some concepts from the geometric approach to linear systems theory [3]. 
Let A G and B G We use the usual symbols imB and keri? to denote 

image and kernel of B. A linear subspace S C MA is called {A, B)-controlled invariant 
if there exists a matrix K (of appropriate dimension) such that {A + BK)S C S', where 
the matrix-subspace product is given by AS := {x G M"' | = Ay}. An (A,i?)- 

controlled invariant subspace S' C M" is {A, B)-externally stabilizable if there exists a 
matrix K (of appropriate dimension) such that {A + BK)S C S and (A -|-i?iL)|Rn/5' 
is Hurwitz, i.e., the real parts of all the eigenvalues are strictly less than 0. Here, 
(A + i?A')|]Rn/5 denotes the map induced by {A + BK) on the quotient space W^/S, 
see P Def. 3.2.2]. 


3. Background and Motivation 

In this work, we study nonlinear control systems of the following form. 

Definition 1. A control system Tj is a tuple 

E = (X,[/,W,W,>V,/,F,h), (1) 

where X C M"-, U C M"*, W C and F C Ri are the state space, external input 
space, internal input space, and output space, respectively. We use the symbols U and 
W to, respectively, denote the set of piecewise continuous functions v : M>o —)■ U and 
u) : ]R>o —!• W. The function f : X x U xW— the vector held and h : X ^ Y is 
the output function. 

In our dehnition of a control system, we distinguish between external inputs u E U 
and internal inputs w E W . The purpose of this distinction will become apparent 
in Section where we introduce the interconnection of systems. Basically, we use 
the internal inputs to dehne the interconnection. For now, without referring to the 
interconnection, we can interpret the internal inputs as disturbances over which we have 
no control and the external inputs as control inputs which we are allowed to modify. 

A control system E induces a set of trajectories by the differential equation 

iit) = f{^{t),iy{t),u{t)), 

at) = hm)- 

A trajectory of S is a tuple (^, (C, z/, cn), consisting of a state trajectory ^ : M>o —)■ X, 
an output trajectory ( : M>o — )■ Y, and input trajectories u eU and uj E W, that satis- 
hes ([^ for almost all times t E M>o. We often use Cx,u,lj to denote the state 

trajectory and output trajectory associated with input trajectories v E U, uj E W and 
initial state x = ^(0), without explicitly referring to the tuple (^, (, z/, cn). 

Throughout the paper, we impose the usual regularity assumptions [20] on / and 
assume that X is strongly invariant and S is forward complete, so that for every initial 
state and input trajectories, there exists a unique state trajectory which is dehned on 
the whole semi-axis. 

We recall the notion of simulation function, introduced in na, which we adapt here 
to match our notion of control system with internal and external inputs. As we show 
in Section for the case of linear control systems, our notion of simulation function is 
related to the notion of simulation relation used in |9|. 
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Definition 2. Let S = {X, f/, W, W, W, /, V, h) and t = (X, f/, iX, W, W, /, F, /i) &e two 
control systems with p = p and q = q. A continuous function V : X x X ^ M> 0 ; locally 
Lipschitz on [X X X)\Vq with Vq = {(£, 0 ;) | V(x,x) = 0}, is called a simulation func¬ 
tion from S to S if for every x&X,x&X,ueU,wE W, there exists u E U so that 
for all w E W we have the following inequalities 


D+V 


X, X 


a{\h{x) — h{x)\) < V{x,x), 
f{x,u,w)\J 

+p{\u\) /i(|wi -Wi\,...,\Wp- Wpl). 


(3) 

(4) 


for some fixed a, X E /Coo? p E )CU {0} and MAFp p. 


Let us point out some differences between our definition of simulation function and 
Definition 1 in [H]. Here, for the sake of a simpler presentation, we simply assume that 
for every x, h, u, w there exists a u so that Q holds for all w. While in [H] the authors 
use an interface function k to provide the input u = k{x,x,u,w) that enforces Q. 
Moreover, in Definition 1 in [2] there is no distinction between internal and external 
inputs and, therefore, p{\wi — Wi|,..., \wp — Wp\) does not appear on the right-hand- 
side of Q . Furthermore, we formulate the decay condition Q in “dissipative” form [6], 
while in [21 Def. 1] the decay condition is formulated in “implication” form [6]. 

The following theorem shows the importance of the existence of a simulation function 
according to Definition 

Theorem 1. Consider S = (X, f/, W, W, W, /, F, h) and t = (X, H, IF, W, >V, /, F, h) 
with q = q and p = p. Suppose V is a simulation function from S to S. Then, there 
exist a KC function f3 and K. U {0} functions yext? Tint? such that for any x E X, x E X, 
h eU, oj eW there exists v eU so that for all u eW and t E ]R>o we have 

-Cx,vA^)\ < l5{V{x,x),t) 

“1“ "Text(11^11cx)) T^intd \ ^ |oo)* 

The proof, which is given in the appendix, follows the usual arguments that are known 
from similar results in the context of input-to-state Lyapunov functions, e.g. see [HU] . 
We need the following technical corollary later in the proof of Theorem 

Corollary 1. Given the assumptions of Theorem^ there exist a ICC function (3 and 
K, U {0} functions Text? Tint such that for any 0 eU, u E >V, x E X, and x E X there 
exists V eU so that for every uj eW and t E M>o we have 

< l5{V{x,x),t) 

'Text (11 ^ 11 00 ) “1“ Tint (11^ ^ 11 00 ): 

where the ICC function (3 satisfies (3{r, 0) = r for all r E M>o. 


The proof is provided in the appendix. 


Remark 1. If we are given an interface function k that maps every x, x, u and w to 
an input u = k{x, x,u,w) so that Q is satisfied, then, the input v eU that realizes (|^ 
is readily given by z/(t) = k{f(t),f(t),i)(t),oj(t)), see [23 Thm. 1], 

Given an interface function, we might exploit the usefulness of simulation functions 
as follows. For various reasons (e.g. lower dimension) it might be easier to synthesize a 
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controller for the system S enforcing some complex specifications, e.g. given as formulae 
in linear temporal logic [2], rather than for the original system S. Then we can use 
the interface function k to transfer or refine the controller that we computed for S to 
a controller for the system S (cf. example in Section]^. In this context, we refer to 
E as an approximate abstraction and to S as the concrete system. A quantification 
of the error that is introduced in the design process by taking the detour through the 
abstraction is given by (|^. A uniform error bound can be obtained by bounding the 
difference of the initial states (measured in terms of V{x,x)) together with bounds on 
the infinity norms of z> and u — u. 

Remark 2. In case that a control system does not have internal inputs, the defini¬ 
tion ([^ reduces to (A, U,U, /, Y, h) and the vector field becomes f : X x U —)■ M". Cor¬ 
respondingly, the definition of simulation functions simplifies, i.e., in (|^ we do not 
quantify the inequality over w,w and the term /i(|rci — t&i|, ..., \wp — M)p|) is omitted. 
Similarly, the results in Theorem^^and Corollary^ are modified, i.e., inequalities (|^ 
and @ are not quantified over uj,Cj G W and the term 7 int(||ci; — a)||oo) is omitted. 

4. COMPOSITIONALITY RESULT 

In this section, we analyze interconnected control systems and show how to con¬ 
struct an approximate abstraction of an interconnected system and the corresponding 
simulation function from the abstractions of the subsystems and their corresponding 
simulation functions, respectively. The definition of the interconnected control system 
is based on the notion of interconnected systems introduced in [33] . 

4.1. Interconnected Control Systems. We consider N G hl>i control systems 

with partitioned internal inputs and outputs 

Vi = {viis- ■ 

with Wij G Wij C RPn, y^. g Yij C Rio', and output function 

hi{xi) = {hii{xi )]...; hiN{xi)), ( 8 ) 

as depicted schematically in Figure [T] 

^ViN 

Figure 1. Input/output configuration of subsystem Sj. 

We interpret the outputs yu as external outputs, whereas the outputs yij with i ^ j 
are internal outputs which are used to dehne the interconnected systems. In particular, 
we assume that the dimension of Wij is equal to the dimension of yji, i.e., the following 
interconnection constraints hold: 

Vi, j G [1; A], i^j: Qij = Pji, Yij C Wji. 

If there is no connection from subsystem Sj to Hj, we simply set hij = 0. 



W^N 


( 9 ) 
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Definition 3. Consider N e N>i control systems Sj = (X*, Ui, Wi,Ui, Wj, fi, Yi, hi), i & 
[1;X], with the input-output structure given by 0-0. The interconnected control 
system S = (X, U,U, f, Y, h), denoted by X(Si,..., S^v), is given by X := Xi x ■■■ x 
Xjq, U := Ui X ■ ■ ■ X U]\f, Y := Yu x ■ ■ ■ x Y^j^ and functions 

f{x,u) := fN{xN,UN,WN)), 

h{x) := {hu{xi );...; hNN{xN)), 

where u = {uu ... ] u^) and x = {xp,... ] xn) and with the interconnection variables con¬ 
strained by Wij = yji for all i,j G [ 1 ; X], i 7 ^ j. 

An example of an interconnection of two control snbsystems Si and S 2 is illustrated 
in Figure 



Figure 2. Interconnection of two control subsystems Si and S 2 . 

4.2. Compositional Construction of Approximate Abstractions and Simula¬ 
tion Functions. In this subsection, we assume that we are given N subsystems Sj = 

{Xi, Ui, Wi,Ui, Wi, fi, Yi, hi) , together with their abstractions S* = {Xi, Ui, Wi,Ui, Wi, fi, Yi, hf) 
and the simulation functions Vi from Sj to Sj, with the associated comparison func¬ 
tions denoted by Oj, Aj, pi and /ij. We assume that the arguments of pi are partitioned 
according to the interconnection scheme, i.e., /ij G MAFjv-i and the internal inputs 
appear in Q for Xwij := \wij — Wif according to 

Pi{Xwii, ..., Xwip-i), Xwip+i), ..., XwiN). (10) 

We follow [6] and use an operator F : ]R>q —)• ]R>g to formulate a small gain condition. 

Each component Fj with := aj^{sj) is given by 

{ Pi{r2, ■ ■ ■ Un) i = l 

/ij(ri,... ,rj_i,rj+i,... ,rjv), iG]l;X[ (11) 

/ijv(ri,... ,rjv_i) i = N. 

For Si G /Coo, i G [1; N] we introduce D : M>q —)■ M>q with D{s) = (si -|- £i(si);...; Sat -1- 
£n{sn)) as well as A“^ : M>q —)■ M>q by A“^(s) = (Ab^(si); • ■ ■; Xff^{sp^)). The nonlinear 
small gain condition is given by D o F o A“^ ^ id, i.e., for any s G least one 

component of D o F oA“^(s) is strictly less than the corresponding component of s. 

One of the main results in [7j shows that if D o F o A“^ is irreducible and satisfies 
the small gain condition, then there exist /Coo functions cxj, i G [1;X] so that a{r) = 

(cTi(r );...; cr]v{r)) satisfied 

D o F o A“’^(cr(r)) < (j(r) for all r G M>o. (12) 

^We interpret the inequality ( [T^ component-wise, i.e., for x € we have a: < 0 iff every entry 
Xi < 0, i € [I; N], 
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Subsequently, we term N /Coo functions cXi that satisfy (12) for some D as Q-path [71 
Def. 5.1], 

Suppose that N = 2 and ttj = id for i G [1;2]. The small gain condition requires 
that there exist Si G /Coo so that either (id + £i) o o A 2 ^( 52 ) < Si or (id + £ 2 ) 0 /^ 2 ° 


Ai ^(si) < S2 holds for all s G 
in fTHl 


^> 0 - 


This follows, e.g. by the small gain condition used 


3£gR>o'^»’SM>o (1 + s)jj ,2 o o (1 + £)/ii o A 2 {r) < r. 


(13) 


The main technical result in [16], which enables the small gain theorem, shows that 


( 13 ) implies the existence of (J2 G /Coo so that (1 + e)p.2 ° < a2{r) < X2 o p-i (l^) 

holds for all r > 0 . It is easy to check that ct(s) = (51,(72(52)) satishes ( 12 ). In the 
context of simulation functions, condition (13) ensures that the output mismatch prop¬ 
agated through the interconnected systems is not amplihed. For general interconnected 
systems, the small gain condition can also be interpreted as the requirement that the 
“loop-gains” associated with the cycles of the interconnection graph are strictly less 
than one, see [71 Sec. 8.4]. 

If the functions at, /ij and Aj are linear, the existence of an fl-path follows from TA”^ 
having spectral radius strictly less than one [71 Thm. 5.1]. In this case, the right eigen¬ 
vector r] G M>o associated with the spectral radius has positive entries, and it follows 
that DTA~^ri < p for some appropriately picked Si > 0. Hence, a{r) = (r^ir;...; //Arr), 
is an H-path. 

In the following theorem, similar to [HI Thm 4.5], we use the technical assumption on 
the derivative o A,)' of the functions o Aj which reads 

Vi6[i;Ar]V«6^^3«6^^V^6R>0 : K{r) < K{r){ar^ o Ai)'(r) 
Vie[i;jv]VKeK;3KeK:VreiL>o : o Ai)'(r) < ^(r). 

Theorem 2. Consider the interconnected control system E = X(Ei,.. 

N G N>i control subsystems E*. Suppose that for each subsystem E* 
together with a simulation function Vi from E* to Ej with comparison functions ai, Aj, 
pi and Pi- Suppose that there exists an VL-path a and for every i G [1; A^] o Aj is 
differentiable on M>o o.iT'd (14) holds. Then 

(15) 


(14) 

, Ejv) induced by 
we are given E* 


I/(h, x) = max {(7^ o XioVi{xi,Xi)} 
ie[i;V] 

is a simulation function from S=X(Si,...,SAr) to T. 

Proof. We follow the arguments in P, Thm. 4.5]. Let us hrst point out, that a~^ o Aj 
and Vj being differentiable and locally Lipschitz, respectively, implies that V is locally 
Lipschitz. Let us show inequality (|^ for a; = (xi; . .. ;xn) G X and x = {xp ...; xn) G 
X. We derive 

\h{x) - h{x)\ < Vn max |hjj(hj) - hu^Xif 


< Vn 


max a, ^ o 




Vi{xi,Xi 


< a{ max ( 7 j ^ o Aj o Vi(a;j, xf)) = a(V(x, x)) 

ie[l-,N] 


where a{r) = y/N maxj 0 ;^ ^ o A^ ^ o (7j(r) which is a /Coo function and (|^ holds with 
a = a~^. 
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We continue with showing Q. Let z,v E X x X. Using a straightforward extension 
of [211 Thru. 1], we obtain 

D^U {z, v) < max{D^((j“^ o Aj o Vi){z, v) \ i E I{z)} (16) 

where I{z) = {i E [1; N] \V{z) = o A, o Vi(z)}. Moreover, by Lemma in the ap¬ 
pendix, we have 

D+(a-' o A, o V,Xz, v) < {a-^ o \.^'{V,iz))D+V,{z, v). (17) 

We fix a: = (xi;...; xn), x = (xi; ... ;xn), in X x X \ Vq, h = (hi;...; un) £ U and 
u = {ui;...; un) G U, where we pick Ui to satisfy (|^ with the internal inputs given by 
Wij = hji{xj) and Wij = hji{xj). We define Awij := \wij — h)jj|, Ayji := \yji — yji\ and 
Uvec = (hi; ; Vat), then we get 


/ij(X'Uiji,..., Xwjp—i), XtCjp-i-i),..., XtCj/v") 
f^ii^Ayii, ..., Xj/p_i)j, Xyp_|_i)j,..., Xyjvj) 

< y,i[ai (hi)) ■ ■ ■ 1 <Tj_i(h7—i), cij+i(hi+i),..., (hjv)) 

< ri(Uvec). 


Moreover, we see that rj(Wec) equals 


Li o A ^((Ti o a/ o Ai(hi);...; cttv o o AAr(UAr)). 


Using ([I^, i.e., Lo A ^((T(r)) < D ^ °<T(r), and (15) we obtain a bound of (10) by 


(id + £i)^ oai{V). Let us slightly abuse notation and use Vi and D+V), for Vi{xi,Xi) 
and D^Vi{{xi,Xi), {fi{xi,Ui,Wi), fi{xi,Ui,Wi))). Similarly, we simplify the notation for 
V and D+U. Let i E /((x,x)), then we compute 

D+h7 < -Aj(Ui) (id ei)~^ o ai{V) + Pi{\ui\) 

< -ai{V) + (id ei)~^ o aiiV) + Pi{\ui\) 

< -Ei O (id EiY^ O cri(U) Pi(|fy|). 


Using (14), it follows that there exist E Xqo and a* G X U {0} so that o o 
<Ti(F) < (cT“^ o Ai)'(r)Tj^ o (Tj(r) and (cjF^ o Ai)'(r)pi(r) <KiO ^^(r) holds for all r G 
M>o. We dehne A G /Coo and p G X U {0} by 


A(r) = min o o cri(r)},p(r) = niax {/ti o pi{r)}. 


ie[l;Af] 


ie[i;V] 


Using (16) and (17) we get D+U < —A(17) -|- p(|h|) which completes the proof. □ 


Remark 3. In the linear case, with cr(r) = (pir ;...; Patf) we get V{x, x) = maxj x 

with A = minfyAiY^} P ~ where we abuse notation and identify linear 

functions a(r) = ar with their coefficients, i.e., a = a. 


5. Approximate Abstractions and 
Simulation Functions eor Linear Systems 


In this section, we focus on linear control systems S and square-root-of-quadratic 
simulation functions V. In the hrst part, we follow the geometric approach to linear 
control systems, and characterize simulation functions for linear control systems S 
in terms of controlled invariant externally stabilizable subspaces [3]. The results are 
closely connected to the characterization of simulation relations developed in [9] . In the 
second part, we use the characterization of simulation functions to actually construct 
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abstractions of linear control snbsystems whose existence was assnmed in the hrst part 
of the paper. 


5.1. Characterization of Simulation Functions. A linear control system is defined 
as a control system with the vector field and ontpnt fnnction given by the following 
linear maps 


iii) = Mit) + Bv{t) + Du:{t), 

m = cm. 


(18) 


with the state space, external inpnt space, internal inpnt space and ontpnt space given 
by M”, M"*, and M'^, respectively. The dimensions of the matrices follow by 


A e 


\B e 


\De and C E 


(19) 


Henceforth, we simply nse the tnple S = (A, B, C, B) to refer to a control system with 
vector field and ontpnt fnnction of the form of (18) with the dimension of the corre¬ 


sponding matrices specified by (19). As the co-domain of the internal and external 


inpnts are implicitly determined by the dimension of B and D, we do not inclnde the 
sets W and W in the system tnple. 

In the following we characterize simnlation fnnctions from Si = (Ai, Bi, Ci, Bi) to 
S 2 = (A 2 , i? 2 , C 2 , /I 2 ) in terms of the anxiliary matrices given by 


Ai 2 — 

0 

0 

1 _ 1 

, Bi 2 — 

■ 0 ■ 
.^2. 

, B21 — 

'Bf 

0 

, Bi 2 — 

'Df 

.^2. 

C12 = 

-Cl c 

T 







( 20 ) 

Theorem 3 (Necessity). Consider two linear control systems Sj = {Ai,Bi,Ci,Bi), i E 
{1,2} with the same internal input space dimension and the same output space dimen¬ 
sion. Let the matrices A12, H12, H21, C'12, £*12 given by ( 20 ). Suppose there exists a 


simulation function V from Si to S 2 , then there exists a relation R C x which 
is a subspace that satisfies 


R is {Ai 2 , B 12 )-externally stabilizable (21a) 

Ai2i? C i?-|-imi?i2 (21b) 

imZli 2 C i?-|-imi?i 2 (21c) 

her (712. (21d) 

If the function p associated with V equals to zero, then 

imH 2 i C + imi?i 2 . (22a) 


Proof of Theorem Let R C M"! x pg the smallest snbspace in that con¬ 

tains the set S = {(a;i;a;2) I C(xi,X 2 ) = 0}. By definition, any element of R follows by 
applying scalar mnltiplication and addition to elements in S, and therefore, we obtain 
R C ker(7i2. Now let i^i = 0 and coi = a; 2 - Choose xi,X 2 snch that V{xi,X 2 ) = 0, then 
it follows from Corollarythat there exists 1^2 snch that V, ^ 2 ,x 2 ,u 2 ,ui 2 {'t)) = 0 
holds for all t E M>o. By the linearity of solntions of linear systems, we have (xi,X 2 ) € 
R implies that there exists z /2 snch that {^i,xi,ui,LJiit),^2,x2,u2,u}2i.'t)) E R holds for all 
tE R>o, which shows that R is (A 12 , i?i 2 )-controlled invariant, see |3], Thm. 4.1.1] 
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and (21b) follows. As the choice of xi, X 2 and ui is arbitrary, we invoke the fnn- 


damental lemma of the geometrical approach |3l Lem. 3.2.1] and obtain that for ev¬ 
ery xi, X 2 , Wi there is U 2 so that [AiXi + DiWi, A 2 X 2 + D 2 W 1 + B 2 U 2 ) € R. By set¬ 
ting xi = X 2 = 0, we obtain (21c). We continne to show (21a). For z/i = 0, cui = U 2 , 


Corollary implies that for every (xi,X 2 ) G x there exists z /2 G W 2 snch that 
limi^oo= 0 ) which implies that 6 , 0 : 2 ,!/ 2 ,‘^ 2 W) con¬ 

verges to R. Then using [3l Def. 4.1.6 and Prp. 4.1.14] we conclude that R is (A 12 , Bu)- 
externally stabilizable. 


We continue with (22a). Let ui = U 2 = 0. Since 7 ext = 0, we use the same argu¬ 


ments as above, and obtain that for every (xi,X 2 ) G R and ui G Ui there is z /2 G U 2 so 
that , ^2,x2,u2,uj2it)) G R holds for all t G ]R>o. By the fundamental lemma 

of the geometric approach m Lem. 3.2.1], we have that {^i,xi,ur,ujAt),^ 2 ,x 2 ,u 2 ,uj 2 it)) ^ R 
for almost all t G M>o. This implies, for every (xi,X 2 ) G R and Ui G there exists 
U 2 G so that (AiXi -|- BiUi, A 2 X 2 + B 2 U 2 ) G R, which concludes the proof. □ 

Theorem 4 (Sufficiency). Consider two linear control systems Ej = {Ai, Bi,Ci, Di), 
i G {1,2} with the same internal input space dimension and the same output space 
dimension. Let the matrices A 12 , 5 i 2 , .B 21 , ^ 12 , £*12 be given by ([20|). Suppose there 


exists a linear subspace R C x satisfies (21a)-(21d), then there exists a 

symmetric positive semi-definite matrix M G gQ 

1 

V { xi , X 2) = ((xi;x2)"^M(xi;x2))2 

is a simulation function from Si to S 2 . If additionally ( 22a[ ) holds, then the function p 
associated with V equals to zero, i.e., p = 0. 

Proof of Theorem^ Wepick iFi 2 so that (A 12 Bi 2 Ki 2 )R C i?and (A 12 -h 5 i 2 A'i 2 )|(nxR" 2 )/ij 
is Hurwitz. Let A = (A 12 -|- B 12 K 12 ), from [3l Proof of Thm 3.2.1 and Def. 3.2.4] it fol¬ 
lows that for any invertible matrix T = [Ti T 2 ] with imTi = i? and = [ffi we 
obtain 


T-^AT = 


Fn Fi2 
0 F 22 


, F 22 is Hurwitz, F 22 T 2 = T 2 A. 


(23) 


For the remainder, we use A = F 22 and H — T 2 . Let x G ker T 2 , then we compute 
X = TT~^x = Tiy for y = Tix and it follows that kerH C R. Since R C kerCi 2 , we 
obtain kerH C ker (712 ami there exists C so that CA = Ci 2 . As A is Hurwitz, there 
exist a constant A G M>o and a symmetric positive dehnite matrix M, so that 

< M 


We dehne V : x IR"'^ —)■ 


A' M + MA< -2AM. 
60 by 


V{xi,X2) = ((xi;x2)^n’^Mn(xi;x2))T 

Clearly M = H^MH is symmetric positive semi-dehnite and it remains to show that V 
is indeed a simulation function from Si to S 2 . First, we verify that ^ holds for a = id 
by 

\CiXi -02X2]“^ = |Ci 2 (xi;x 2 )P = \CA{xi]X 2 )\ 

< (xi;x2)"^n'^Mn(xi;x2) = H(xi,X2)^. 
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We continue to show that Q holds as well. Let xi, X 2 , ui and wi be given. Then we pick 
U 2 = Ki 2 {xi; X 2 ) + K 4 U 1 + ^3 where we pick M 3 so that D 12 W 1 + B 12 U 3 G R holds, which 
The purpose of K^ui will become apparent later. Let x = (a;i;a; 2 ), 


is possible by ( 21 c 
then for any W 2 the left-hand-side of (|^ evaluates to 

Ax + D 12 W 1 + B 12 U 3 


X 


V{xi,X 2 ) 


Bi 

B 2 K^ 


Ml -h 


0 

D 2 


Aw 


with Am; = (mii — W 2 )- We use AH = HA and (24) to bound the first term by 


X 


^H'^MH 


Ax < —X 


X 


^H'^MHx 


V{xi,X2) V(xi,X2) 

Moreover, n(Zli 2 M;i -|- B 12 U 3 ) = 0 as DuWi + B 12 U 3 G R. 
Schwarz inequality to bound 


= -XV{xi,X2). 

Then we use the Cauchy- 


a;' n' Mn 

V{xi,X 2 ) 


Bi 

B 2 K^ 


Ml -h 


0 

D 2 


Aw < 


\^/mh 


Bi 

B 2 K 4 


||mi| + \VMH 


0 

D 2 


\\W2 - Mill 


and we see that is a simulation function with the associated comparison functions 
given by a = id and for all r G M>o and s G Kto by A(r) = Ar, 




p{r) = IV Mil 


B, 

B 2 K^ 


\r and p{s) = '^iVmh 


2 = 1 


0 

D 2 


Si. 


If imil 2 i R-\- imili 2 , for every mi we choose M 2 differently by M 2 = Ki 2 {xi; X 2 ) -f M 3 -|- 
M 4 with M 4 so that B 21 U 1 + B 12 U 4 G R which implies n(il 2 iMi + B 21 U 4 ) = 0 and the term 
of the left-hand-side of (|^ associated with mi vanishes. □ 

Theorem 1^ gives rise to the following definition. 

Definition 4. Let Sj = {Ai, Bi,Ci, Di), i G {1,2} be two linear control systems with 
the same internal input space dimension and the same output space dimension. Let 
the matrices A 12 , i?i 2 , (^ 12 ,-D 12 given by (20). We say that a relation R C x 
induces a simulation function from Si to S 2 if it satisfies ( 21 a)-( 21 d). 

Theorems and facilitate a direct comparison of simulation functions with the 
notion of a simulation relation R from Si to S 2 [9]. A relation R C x is a 
simulation relation from Si to S 2 if for every (a;i,a; 2 ) G R, ui and ui = 022 , there exists 
z /2 so that 

• (^1,3?! ,z^i ,a;i it)) e R 

• Cl,xijh'i,^>1 ft) C2,X2,U2,u}2{t) ■ 

This notion of simulation relation was introduced in [U] in the context of verification 
for linear systems with two types of inputs. Due to the verification context, in [H] the 
internal input is interpreted as control input and the external inputs as disturbances. 
While in our approach, we use the external input as control input that we refine from 
Si to S 2 and the internal input is used for the interconnection of the subsystems. 
Nevertheless, mathematically, both notions are closely related and the authors in [9] 
characterized simulation relations from Si to S 2 in terms of conditions ( 21 b)-( 22 a). 
On one hand, two systems Si and S 2 that are related via a simulation function (or 


(25) 
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equivalently a relation that induces a simulation function) needs to satisfy (22a) only if 
p = 0 should hold. As a result, given an output trajectory of Si, there does 

not necessarily exist an output trajectory C 2 ,x 2 ,u 2 ,(^ 2 i't) of S2 so that both trajectories are 
identical. On the other hand, a simulation relation R is not required to be externally 
stabilizable (21a). The external stabilizability in the context of simulation functions 
allows Ci,xi,ui,LJi(t) and C 2 , X2,1/2,1.^2 (^) to be driven by the different internal inputs oji ^ UJ 2 
and the initial states are not restricted to satisfy {xi,X 2 ) G R. In view of ([^ the effect 
of the different internal inputs on the output difference is bounded and the effect of the 
freely chosen initial states vanishes over time. 

We conclude this subsection with the characterization of a relation inducing a simu¬ 
lation function from Ei to S2 (or from S2 to Si) that is dehned in terms of a matrix 

p ^ ^n2Xni 


R = {(ti; X 2 ) e X | Pxi = X2}. (26) 

We use this result in the next subsection to construct an approximate abstraction S of 
a given linear control system S. 


Theorem 5. Consider two linear control systems S* = {Ai,Bi,Ci,Di), i G {1,2} with 
the same internal input space dimension and the same output space dimension. Let 
R he given by (26) with the matrix P 
function from Si 


to 


G The relation R induces a simulation 

S2 iff there exists matrices Ki,K 2 ,K 3 of appropriate dimensions 


so that the following holds 


A 2 + B 2 K 1 is Hurwitz (27a) 

A 2 P = PAi + B 2 K 2 (27b) 

D 2 = PDi + B 2 KS (27c) 

(Si = C 2 P. (27d) 

Moreover, (22a) holds iff there exists 7^4 so that 

P Bi = B 2 Ki^. (28a) 


(21b) 


Proof. First, we show that R satishes (21b)-(21d) ((21b)-(22a)) iff (27b)-(27d) ((27b)- 


(28a)) holds. By the dehnition of R it is straightforward to establish the equivalences 

Now 


(27b), (21c) 


(27c), (21d) 


(27d) and (22a) 


(28a). 


we assume that R is (A12, i?i2)-controlled invariant. Let K 12 = [K[ Ki] so that (y4i2 -|- 
Bi 2 Ki 2 )R C R. Then we pick T in (23) by 


T = 


0 

P Rn 


, where im 


P 


= R 


and observe that —PAi + B 2 K[ + {A 2 + B 2 Ki)P = 0 and F 22 = ^2-1- B 2 K 1 , which shows 
that (27b) holds and, consequently, (21a) holds iff (27a) holds. □ 


The following corollary readily follows from the proofs of Theorem and 


Corollary 2. Suppose that (27a)-(27d) hold. Let M G M"'2xn2 g, gymuiQtric positive 
definite matrix that satisfies 


Cj C2<M 

{A 2 + B 2 KiyM + M{A 2 + B 2 K 1 ) < -2AM 
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for some A G M>o. Then a simulation function from Si to S2 is given by 

1 

V{xi,X2) = ((x2 - PxiYM{ x 2 - Pxi)) 2 

and the interface function that maps Xi, X 2 , Ui, Wi to U 2 so that Q holds is given by 

U2 = Ki{x 2 - PXi) - K2X1 - K^Wi + K4U1, 

where K 4 is given implicitly as the matrix that minimizes \ a/M {PBi — B 2 K 4 ) \. Let 
di G M”, i G [l;p] denote the columns of D 2 - The comparison functions associated with 
V follow for all r G M>o and s G R>o by a(r) = r, A(r) = \r, 

p{r) = \^{PB 4 - B 2 K 4 )\r, 

/i(si,..., Sp) = I \/M di\si + ... + \ \/M dp\sp. 


5.2. Construction of Approximate Abstractions. In this subsection, we are inter¬ 
ested in the construction of an approximate abstraction S = {A, ]3, C, D) for a given 
linear control system S = [A, B, C, D) together with a square-root-of-quadratic simu¬ 
lation function from S to S. Given the fact that any two asymptotically stable linear 
systems S and S (with suitable internal input and output space dimensions) can be re¬ 
lated via a simulation function, we follow the approach in [T3] to construct abstractions 
of linear control systems, and ask not only for a simulation function from S to S, but 
additionally require that there exists a simulation relationj^from S to S, which ensures 
that nice properties like controllability of S are preserved on the abstraction S. The 
construction is based on the assumption that 

(A, B) is stabilizable, (29a) 

and on the existence of a matrix P G with a trivial kernel that satisfies 


A im P C im P -|- im i? 
im P C im P -|- im P 
imP -h kerC = R"-. 


(30a) 

(30b) 

(30c) 


In [13] conditions (29a), (30a) and (30c) were used to construct an abstraction S and a 
square-root-of-quadratic simulation function V from S to S together with a simulation 
relation R = {(x;i;) | Px = x} (for some P G M"^") from E to S. In this paper, we 
extend the scheme in [T3] in the following directions. First, we add condition (30b) in 


order to be able to account for systems with internal and external inputs. Second, we 
show that the simulation relation R actually induces a simulation function from S to E. 
Third, and most importantly, using the novel geometric characterization of simulation 


functions, we show that the conditions (29a)-(30c) are not only sufficient but actually 
necessary for the existence of an abstraction E so that the relation P = {(£, x) | Px = x} 
induces a simulation function from E to E and R induces a simulation function from E 
to E. 


Theorem 6. Consider E = {A,B,C,D) and 

P = {(x; x) G M” X M” I Px = x} 

^Actually, the authors of [T3] show that E is P-related to E (see m Def. 3]), which, when we omit 
the internal inputs, is equivalent to R being a simulation relation from E to E. 
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with P G kerP = 0. There exist S = {A,B,C,D) with the same internal input 

space dim. and the same output space dim. as S and R = {{x;x) G M"" x M"" | Px = x} 
with P G so that R induces a simulation function from T to T and R induces a 


simulation function from T to T iff (29a)-(30c) hold. 


Proof. Let R (R) induces a simulation function from E to S (S to S). From Theore mit 
follows that (27a) implies (29a), (27b) implies (30a) and ( |27c ) implies ( |30b ). From (27d) 
it follows that C = CP and CP = C, which implies that CPP = C. Since kerP = 0, 


Lemma 3 in HI is applicable and we obtain (|30c[). Now suppose that (|29a[)-(pl0c)) hold. 


Let C = CP and pick A and C together with iFi, K 2 , so that (27a)-(27d) hold for A, 
B, C, D, A, B, C, D in place of A 2 , B 2 , C 2 , P 2 , Ai, Pi, Ci, Pi, respectively. Theorem]^ 
shows that R induces a simulation function from S = (A, P, C, D) to S for any P of ap¬ 
propriate dimension. We continue to show that R induces a simulation function from E 
to E. Again we use Lemma 3 in [H] to pick P with im P = M” so that CP = C, PP = R 
and PP -|- EF = R for some matrices E and P of appropriate dimension with im P = 
kerP. Let P = [PP PAP]. We derive AP = PPAP = PAPP - PB{K 2 + PiP)P = 
PA - PAPP - PB{K 2 + PiP)P = PA + P[-(P 2 + KiPy - and P = PPP = 
P(P — BKf) = PP -|- B[—KJ 0]^. Additionally, we have PB = P[/m 0]^ and it follows 
that R satishes (27b)-(28a) for P, A, P, P, P, A, P, P, P in place of P, A 2 , P 2 , P 2 , 
P 2 , Ai, Pi, Pi, Pi, respectively, which shows that P is a simulation relation from E 


to S [9l Prp. 5.2]. Moreover, imP = M”. As (A,P) is stabilizable we use (25) to verify 


that (A,P) is stabilizable as well. Hence, there exists a matrix Pi so that (27a) holds. 
It follows that R induces a simulation function from E to S. □ 

We summarize the construction of an approximate abstraction of a stabilizable control 
system E = (A, P, P, P) in Table [H The associated simulation function from E to E 


( 1 ) 

( 2 ) 

( 3 ) 

( 4 ) 

( 5 ) 


Compute M and Pi so that P'''P < M and 
(A + BKipM + M{A + PPi) < -2AM holds. 


Determine P with kerP = 0 that satishes (30a)-(30c) 
and P so that PPP = P and imP = M”. 

Determine A and P 2 so that AP = PA -|- PP 2 holds. 
Determine P and P 3 so that P = PP -|- PP 3 holds. 
The matrices P and P follow by P = [PP PAP] 
where imP = kerP and P = PP. 


Table 1. Construction of an approximate abstraction E. 


follows from Corollary|^to V(x, x) = {x — PxRM{x — Px) and the interface function 

that maps x, x, u,w tou so that (Q holds is given hj u = Ki{x — Px) — K 2 X — K^w + K^u. 
The matrix K 4 is given as the one that minimizes |a/M(PP — PP 4 )| which can be com¬ 
puted according to [m Prp. 1]. 

Note that Theorem provides only structural conditions for the construction of ap¬ 
proximate abstractions of linear control systems and it is an interesting open question 
on how to pick the different matrices outlined in Table (within the allowed domains) 
so as to obtain approximate abstractions with optimal approximation accuracies. 
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6. An Example 

Let us consider the compositional construction of an approximate abstraction together 
with a simulation function for an interconnected linear control system illustrated in 
Figure We consider two triple integrators (Si and S 3 ) which are organized in a 
feedback connection, where the output of S 3 is directly connected to the input of Si 
and the output of Si is connected to the input of S 3 via two two-dimensional systems 
S2 and S4. The system matrices are accordingly set to 



and 


Figure 3. The interconnected system X(Si, S2, S3, S4) 

, - 0 ll , 

Ai = A3 = ^ ^ ^ ’ 


Ao — Aa — 


0 1 

0 


Bj = 

Bj = 

0 0 

1 



0 0 

0 


Cu = 

C 33 = 

1 ■ 
-5 


= Bj = 

- C 22 = 


Whereas the interconnection matrices Cij, Dij are given by 

Ci 4 = C 12 = C 31 = [1 0 0 ] , C 23 = C 43 = [1 0 ] 


-D 13 — 


for some di G M. The remaining Cij and Dij are given by zero matrices. We summarize 
the internal input and output matrices by 

Cl = ^3 = [1 0 0 ] , C 2 = C 4 = [1 0 ] , 


r oi 




’o' 

1 

' ^ ^ 

_1 

, P21 — Dai — 

—d2 

2d2_ 

, Dsa — D32 — 

0 

A 



0 




0 

0 

Pi = 

0 

di 

, D2 — Da — 

Vk 

CO 

0 

d3 

-1 

0 


The Abstract System. We continue the example by applying the procedure out¬ 
lined in Table to construct an abstraction Sj of each subsystem Sj. 

We start by computing Mj, Ki^i and Aj, for i G {1, 3}, such that the matrix inequalities 
in 1) of Table hold. To this end, we solve the linear matrix inequality given by 
equations (6) and (7) in [H]. We obtain 

■ 4.59 4.07 0.90] 

Mi = 4.07 4.72 1.24 , Ai,i = - [5.13 7.12 3.03] , 

0.90 1.24 0.61 


with Aj = 1. Next we determine P* for Sj so that (30a)-(30c) hold by Pj = [1 0 0] 
Following 2) through 5) in Table we obtain Sj by 

Aj = 0 , Pj = 1 , Di = 0 , Cj = 1 , 
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together with the matrices for the interface Ki ^2 = 0 , = di, = [d^ ds] and Ki ^4 = 

1.47. The simulation functions follow by Vi{xi,Xi) = (xj — PiXiYMi{xi — PiXi) and 
the associated comparison functions by ai = = id and 

Ai(r) = r,pi(r) = 1.81r, pi(r 2 , rs, r 4 ) = O.TSdirs 
A 3 (r) = r,p 3 (r) = 1.81r, p 3 (ri, rs, r 4 ) = 0.78d3(r2 + r 4 ). 


We continue with subsystems S 2 and S 4 . Since the subsystems S 2 and S 4 have no 
external inputs, it is necessary that the matrices A 2 and ^4 are Hurwitz in order to be 
able to find matrices M 2 and M 4 that satisfy the matrix inequalities in 1) of Table 
This holds for our example and we compute 


M2 — M.A — 


26 10 
10 4 


K2,1 — — 0 


with A 2 = A 4 = 2 . Also the conditions (30a) and (30b) simplify in the absence of any 


external inputs. It follows that imPj needs to be an Aj-invariant subspace that contains 
imPj. In this case, we can use the Algorithm 3.2.1 in [3] to compute the minimal Aj- 


invariant subspace that contains imP* 
abstractions Sj by 


We obtain Pj = [1 — 2]"'', i E {2,4}, and the 


Aj — —2, Bi — 1, Di — —d2, Ci — 1. 


As before we obtain the square-root-of-quadratic simulation function, defined by P* and 
Mi. The associated interface follows by fcj = 0. The comparison functions associated 
with the simulation function Vi are given by = id, Aj(r) = 2 r, pi{r) = 1.41r and 

Aii(Fi,r2,r3) = 1.41^27-1. 

The Composition. We apply Theorem to obtain a simulation function from 
X(Si, S 2 , S 3 , S 4 ) to X(Si, S 2 , S 3 , S 4 ). The functions A and T are linear and identified 
with 



1 

0 

0 

0 


0 

0 

0.784 

0 

A = 

0 

2 

0 

0 

,r = 

1.41^2 

0 

0 

0 

0 

0 

1 

0 

0 

0.784 

0 

0.784 


0 

0 

0 

2 


1.41^2 

0 

0 

0 


In order to be able to apply Theorem we need to assure that the spectral radius 
of TA”^ is strictly less than one so that there exists a vector r] E such that (1 + 
£)rA “^?7 < r] holds for some e > 0. We pick di = d 2 = d^ = 0.5 and obtain Amax(rA“^) = 
0.19. We pick rj = [0.4 0.6 0.5 0.6]"'" and verify that (1 + e:)rA“^r 7 < 77 holds for 
e = A. Certainly, Xi/rjiV is differentiable and satisfies (14). We apply Theorem 
and obtain V (f, x) = maxj ^Vi{xi, Xi) as simulation function from X(Si, S 2 , S 3 , S 4 ) to 
X(Si, S 2 , S 3 , S 4 ), with the associated comparison functions given by a{r) = r, A(r) = 
4/5r and p{r) = 4.8r, see Remark]^ Hence, we obtain the bound 


ICW-CWI <e + 5.9||j>| 


(31) 


Let Kec(^) = (Ri(4(^),^i(t));...;R4(^4(t),^4(t))) and Z = (pi(||z>i||oo); • • • ;P4 (||p4||oo)), 

it) < e-^Vvec(O) + TA- Vvec(t) + A'^X 


then similarly to (31), we get 


which provides the bound |C(t) — C(^)| < |Kec(^)|- 


( 32 ) 
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Controller Synthesis. Let us now synthesize a controller for S via the abstraction 
S to enforce the specihcation, defined by the LTL formula [2] 


□ s /\ ^OT^, S,Ti CR\ 

*6[1;3] 


(33) 


which requires that any output trajectory ( of the closed loop system evolves inside 
the set S and visits each Ti, i e [ 1 ; 3] infinitely often, i.e., for all t G ]R>o C(t) ^ S 
and for each i G [1; ^ there exists t' >t so that ({t') G Tj, see [2]. The specification is 
illustrated in Figure]^ We use SCOTS [28] to synthesize a controller for S to enforce (33). 
In the synthesis process we restricted the abstract inputs to Ui,U 3 G [—0.1,0.!] and 
'U 2 = ^4 = 0 for all times. Given that we can set the initial states of S to x, = PjXj, so 
that V (x, x) = 0 , we obtain a bound from (31) on the output difference by |C(^) “ C(^) I ^ 
V, ^(t)) < V := 0.85 for all f > 0. An improved bound is obtained from (32) by 
noting that = FAl/g^ + K~^Z with 1 /°^ = ...; r]i/XiV) provides an upper 

bound |C(t) - C(t)| < Kec(^) < any A; > 0 . 

A closed loop trajectory of S and S as well as the output difference and the the¬ 
oretical bound = limfc^oo Kec are illustrated in Figure]^ A bound for ||zzi||oo 
follows by |iFi^i(xi — PiXi)| -|- \Ki^^wi\ -|- iFi^ 4 |-Ui| < 5.7 where we used |xi — PiXi| < 
Vi{xi,xi)/< 0.47 and |t&i| = l^sl < 6. Similarly we obtain HhsHoo < 4.4. 
For the example trajectory in Figure the inputs vi and never exceeded 1.2 and 
0.31, respectively. 



Figure 4. Left: The specification with closed loop trajectories of S 
(red) and S (blue). The green dot marks the initial state. The sets S and 
Tj are given by S = S \ S with S = [— 6 , 6 ] x [— 1 , 1 ] x [— 6 , 6 ] x [— 1 , 1 ] 
and [-5,5] X [-1,1] X [-5,5] X [-1,1], Ti = ^[-1,1] x [-1,1] x 

[5,6] X [-1,1], T 2 = [-6,-5] X [-1,1] X [-5,-4] X [-1,1], and T 3 = 
[5,6] X [—1,1] X [-5,-4] X [—1,1]. Right: The output difference (blue) 
and the upper bound obtained from (31) (red). 


Remark 4. As the controller synthesis algorithms implemented in SCOTS operate on a 
hnite abstraction of the concrete system, which is obtained by a uniform discretization of 
the state space, it would not have been possible to synthesize a controller for the original 
system S, without the lower dimensional intermediate approximation S. 
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7. Summary 

In this paper we presented a compositional reasoning approach based on a small gain 
type argument in connection with approximate abstractions of nonlinear control sys¬ 
tems. Given that the small gain type condition is satished, we showed how to construct 
an approximate abstraction together with a simulation function for an interconnected 
nonlinear control system from the abstractions and simulation functions of its subsys¬ 
tems. Moreover, for the special case of linear control systems, we characterized simula¬ 
tion functions in terms of a controlled invariant, externally stabilizable subspace. Based 
on this characterization, we proposed a particular scheme to construct approximate 
abstractions together with the associate simulation functions. 
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Lemma 1. Let a : M>o —)■ M>o be a monotonically increasing function, differentiable 

on M>o, and consider a function / : —)■ M>o. Then we have for all G M” with 

f{x) > 0 


D+{a o f){x, v) < a{f{x))D+f{x, v). (34) 

Proof. As a is monotonically increasing and differentiable on M>o we have for all t/o G 

M>o 


0 < a{yo) = liminf {a{y) - a{yo))/{y - yo) 
y^yo,y<yo 

= \imsup {a{y) - a{yo))/iy-yo). 
y^yo,y>yo 

Let X eMP with yo = f[x) > 0 and v G M”. There exists a sequence (ti)igN in M>o with 
limit 0 so that 


D"^{ao f){x,v) = lim ^(a(/(a; + tiu)) -a{f{x))). 


If f{x + tiv) = f{x) for all i> j for some j G N, we have D~^{a o f)(x,v) = 0 and 
D~^f{x,v) > 0, which shows (34). If for every j G N there exists i > j so that f{x + 
tiv) — f{x) > 0 holds, we set yi = f{x + tiv), y = f{x) and pick a subsequence ifi.) 
of {ti) so that yi^ > y for all ij. Since (a(t/q) - a{y))/{yi. - 1 /) > 0 and f{x + fw) - 



COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS 


21 


/(x) > 0, for all j eN we get 

aiVij) - a{y) f{x + tj.v) - f{x) 

Vij - y Uj 


/ «(l/u) - “(2/) r /(^ + - /(^) 

< lim sup- - -lim sup- - - 

j^oo Vij ~ y j->-oo tij 

< a{f{x))D'^f{x,v). 


If {ui — y)i£n contains infinitely negative entries, we pick a subsequence (ti.) of (fj) so 
that we have i/i. < y for all ij and use a similar reasoning as in the previous case to 
arrive at (34). □ 


Proof of Theorem^ Let us dehne the /Coo function jl{s) := /i(s,..., s). We consider 
the trajectories (^,C, p, cn) and z>, ca) of the control systems E and S, respectively. 
We assume that u is given such that (|^ holds with x = f{t), x = ^{t), u = z/(/:), u = 
w = uj{t), w = u{t) for all t G M>o. We dehne c = (2p(| |i>| |oo) + 2/i(| |a; — a;| |oo)) and 

the set S = {(x;x) e M” x M” | V{x,x) < c}. From (|^, we see that y{t) := V{i{f),f{t)) 
satishes, whenever is outside the set S, i.e. y(t) > c, the inequality 


D^yipi) = D^V 




(35) 


where the equality in (35) follows from [25l Thm 4.3, Rmk 4.4, pp. 353]. Hence, y is 
decreasing for y{t) > c. Suppose for all t G ]a,b[ C M>o we have y(t) > c, then t',t G 
]a,&[ with t' < t implies y(t') < y{t) — | y{s)ds [2HI Thm 2.3, Rmk 2.5]. We show 
that S is forward invariant, i.e., if there exists to > 0 with (^(to),^(to)) G S then we 
have G S for all t > to. Let (^(to),^(to)) E S and suppose to the contrary 

that the trajectories leave S. Since S is closed, there exists ti > to and £ G ]R>o such 
that y(ti) >c + e. Let ti be minimal for this choice of e. Since y{t) is continuous 
in t, there exists 5 > 0 with 5 <ti — to, so that y{t) > c holds for all t G ti + ]—5, (5[. 
However, y is decreasing on ]—<5, which contradicts the minimality of ti. It follows that 
S is forward invariant and the output trajectories satisfy for all t > to the inequality 


< Q!“^ (A“^ ( 2 p(||h||oo) + 2 / 2(1 |a; - (hiloo))) 

^ Text(11P| 1 00 ) T qint (11^ 11 00 ) (26) 


with the /C U {0} functions 7ext('S) := Q!“^(A“^(4p(s))) and 7int(s) := tt~^(-^~^(4/2(s))). 
Note that here we used the fact that for any /C U {0} function 7 the inequality 7(0 + b) < 
7(2a) + 7 ( 25 ) holds for all a,b E M>o. 

We proceed with the analysis of the trajectories outside of S. We dehne to = inf{t | 
G S'} (possibly inhnite) and observe that the function y(t) = V{f(t),^(t)) is 
absolutely continuous, since V is locally Lipschitz and the state trajectories are ab¬ 
solutely continuous. Hence, y{t) is differentiable almost everywhere and y satishes 
y{t) < —|A(i/(t)) for almost all t G [0,to[. 

Then we apply Lemma 4.4 in [20] and obtain a ICC function f] with /9(r, 0) = r, 
depending only on A, so that y{t) < P{y{0),t) holds for all t G [0, to[. It follows that the 
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output trajectories satisfy for all t E [0,to[ the inequality 

IC(i)-C(t)l</3(rK(0),5(0)),i) 


(37) 


with (3{r, t) = t)). By combining the bounds (36) and (37) we obtain the desired 

estimate (|^. 

Proof of Corollary It follows immediately by the previous derivations that V 
satishes ([^ with the ICC function given by /3 (as determined in the previous proof) and 
the K. U {0} functions are given by 7ext(’S) := A“^(4p(s)) and 7int(s) := A“^(4/i(s)). 
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